CN107204876B - Network security risk assessment method - Google Patents
- Publication number
- CN107204876B
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- node
- risk
- alarm
- risk assessment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a network security risk assessment method which, on the basis of static risk assessment, dynamically assesses the security of a target network by combining an intrusion detection system, vulnerability detection and real-time attack events acquired by a third party. In risk assessment, the value of an asset is usually defined by experts or management personnel during static assessment and does not change greatly over a period of time; dynamic changes in threat and vulnerability information can be tracked by means of corresponding tools; the intrusion detection system and the firewall serve as a monitoring system and can raise alarms on abnormal events at any time, and this alarm information represents the threats the system may face and is also an important basis for evaluating the risk condition of the system. The invention can effectively improve the accuracy and real-time performance of network risk assessment, so that security defense measures can be implemented according to the risk assessment results and risks can be controlled effectively and in time.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network security risk assessment method.
Background
Network security risk assessment methods fall mainly into two types: static evaluation and dynamic evaluation. Static evaluation comprehensively evaluates the risk level of the network by statically evaluating factors such as the value of the target network, security vulnerabilities, and the occurrence frequency of security events. The information security risk assessment methods in use at present are basically limited to static assessment. Research on dynamic network security risk assessment is still in an exploratory stage at home and abroad, and such assessment is mainly performed on the basis of two aspects: vulnerabilities and threats.
The vulnerability-based risk assessment method uses existing vulnerability scanning tools to help find vulnerabilities that a threat may exploit, and assesses the severity of those vulnerabilities. Chenchenchenjia et al. point out that an attacker uses the characteristics of vulnerabilities to access unauthorized resources on a computer system or to have a destructive influence on it. Shinning et al. propose using a risk propagation model to carry out quantitative security risk evaluation of computer vulnerabilities. Sunde proposes an index-fused network security situation evaluation model, establishes a vulnerability harmfulness quantification mechanism based on the Common Vulnerability Scoring System, and corrects the overall network security situation value using real-time performance data. Malchi et al. propose constructing a vulnerability hazard grade assessment system using the analytic hierarchy process, and then carrying out quantitative and qualitative risk assessment of the vulnerability hazard grade using fuzzy theory.
The threat-based risk assessment method uses an intrusion detection system to monitor network security events and collect traffic information in real time, and assesses the degree of influence of security events on the network according to their degree of harm. Chenxiu et al. establish a fine-grained threat situation assessment model based on 3 levels (service, host and network system) by acquiring intrusion information, but the model does not analyze the correlation between host vulnerabilities. The method is based on danger signal theory, quantifies the original danger signal, then detects network attack events, and finally realizes risk assessment of the whole network. Penlingxi et al. propose a risk assessment model based on risk theory that can effectively assess, in real time, the risk values of each type of attack event and of the overall network at two granularities, host and network. Warrior et al. propose fusing multi-source IDS data using D-S evidence theory, so as to calculate the network security situation and predict the network security trend. Zhangwei et al. provide a matrix-type attack-defense game model in which the privilege state of an attacker on a network entity is used as an element of an attack-defense stochastic game model, the dynamic change of the network's attack-defense state is modeled, the attack behavior is predicted, and the optimal defense strategy is decided.
Static network security risk assessment can roughly assess the risk state of the network over a long period, but it lacks real-time detection of network security risk and the ability to adapt to attacks suffered by the system. Among dynamic risk assessment methods, the vulnerability-based method can effectively discover the vulnerabilities of the network system, but it assesses each vulnerability only in isolation and ignores the interrelations between vulnerabilities and the potential security risk they generate. The threat-based risk assessment method cannot effectively restore the attack scenario or predict attack behavior.
At present, research on network security risk assessment is still in a stage of continuous exploration, and whether a vulnerability-based or a threat-based risk assessment method is adopted to analyze network security risk, a good solution has not yet been found.
Disclosure of Invention
The invention aims to provide a network security risk assessment method, which can effectively improve the accuracy and real-time performance of network risk assessment, further implement security defense measures according to a risk assessment result, and timely and effectively control risks.
In order to solve the technical problems, the invention adopts the technical scheme that:
A network security risk assessment method comprises the following steps:
step 1: performing static risk assessment on the target network, and giving a static assessment result;
step 2: identifying the network assets, assigning asset values, and performing correlation analysis on the assets and the vulnerabilities;
step 3: evaluating the vulnerability exploitation success probability using the CVSS (Common Vulnerability Scoring System) evaluation index; using a formula to calculate the importance degree L of the node assets; wherein $L_c$, $L_I$, $L_a$ respectively represent the quantified values of the confidentiality, integrity and availability attributes corresponding to the node, and the round function denotes rounding to 3 decimal places;
step 4: using a vulnerability scanner to carry out vulnerability identification on the network nodes, detecting the vulnerabilities of the current node, and using a formula, according to the CVSS evaluation index, to calculate the threat degree T of each vulnerability; wherein Base is the CVSS score, K is the success probability of the vulnerability attack, and K is a number in the range of 0-1;
step 5: receiving real-time attack event alarms for the current node provided by an intrusion detection system, a firewall and a third party, and classifying the alarm information according to the different vulnerabilities;
step 6: analyzing the intrusion detection, firewall and third-party data samples;
using a formula to calculate the alarm quantity parameter Num influencing the node vulnerability risk index; wherein ni is a certain alarm threshold, and num is the number of certain alarms;
using a formula to calculate the alarm source type Cate influencing the node vulnerability risk index; wherein cn is the total alarm source type, and ci is the source type of a certain alarm;
using a formula to calculate the alarm level parameter Lev influencing the node vulnerability risk index; wherein $N_1$, $N_2$, $N_3$ respectively correspond to the numbers of high, medium and low level alarm events, and $W_1$, $W_2$, $W_3$ are the weight values of the corresponding levels;
step 7: calculating the node vulnerability risk index P using the formula $P = Num \times Cate \times Lev$, then calculating the node security risk using the formula $R_i = L_i \times T_i \times P_i$, and performing dynamic risk assessment on the system; wherein $R_i$ is the dynamic risk value of node i, $L_i$ is the asset importance level of node i, $T_i$ is the vulnerability threat level of node i, and $P_i$ is the vulnerability risk index of node i;
step 8: repeating step 5 to step 7 to dynamically evaluate the target network based on the threat, thereby completing the security evaluation of the target network.
Further, the method also comprises step 9: after a period of time, repeating steps 4 to 8, and carrying out security assessment on the target network based on the vulnerabilities and threats.
Compared with the prior art, the invention has the beneficial effects that: 1) the risk assessment method combining static state and dynamic state effectively improves the real-time performance of network risk assessment; 2) the potential risk of the network is comprehensively evaluated by using vulnerability-based and threat-based methods, so that the accuracy of network risk evaluation can be effectively improved.
Drawings
FIG. 1 is a schematic diagram of a network security risk assessment method architecture according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments. The method dynamically evaluates the security of the target network on the basis of static risk evaluation by combining an intrusion detection system, vulnerability detection and real-time attack events acquired by a third party. Assets, threats and vulnerabilities are 3 fundamental elements of risk assessment.
In risk assessment, the value of an asset is typically defined by an expert or manager at the time of static assessment and does not change significantly over a period of time. Information on threats and vulnerabilities can be acquired by means of corresponding tools. After the static risk assessment, the system risk is reduced to within an acceptable range. Over time, threats and vulnerabilities change under the influence of internal and external factors, and the system risk rises beyond acceptable limits. These dynamic changes in threat and vulnerability information can be tracked by means of corresponding tools.
The intrusion detection system and the firewall are used as a monitoring system, and can alarm abnormal events at any time, and the alarm information is the threat possibly suffered by the system and is also an important basis for evaluating the risk condition of the system. On the other hand, by using the vulnerability detection tool, the collected vulnerability information can be matched with the alarm information collected by the intrusion detection tool, so that the possibility of success or failure of the threat event is judged, and the risk condition of the system is evaluated.
The overall framework of the risk assessment method based on a combination of static and dynamic assessment is shown in FIG. 1. To dynamically evaluate the security risk of the network system, the dynamic risk evaluation of a network node adopts the following risk evaluation calculation formula:
$R_i = L_i \times T_i \times P_i \quad (1)$
In formula (1), $R_i$ is the dynamic risk value of node i, $L_i$ is the asset importance level of node i, $T_i$ is the vulnerability threat level of node i, and $P_i$ is the vulnerability risk index of node i.
Assume that the quantified values of the confidentiality, integrity and availability attributes (CIA for short) corresponding to a node are $L_c$, $L_I$, $L_a$, and that the quantization values of the different levels, from low to high, are (0.1, 0.3, 0.5, 0.7, 0.9); the specific hierarchical quantization standard is omitted here. The calculation formula of the asset importance level L is
where the round function denotes rounding to 3 decimal places.
The vulnerability threat level T is related to the ease with which the vulnerability is exploited. The vulnerability threat level is evaluated using the general-purpose CVSS provided by the U.S. National Institute of Standards and Technology. A CVSS score is a number in the range of 0 to 10. Each vulnerability has 3 attributes: Base, Temporal, and Environmental, of which the Base attribute is related to the vulnerability threat level. Its value range is 0-10, so the calculation formula of the vulnerability threat degree T is
where Base is the CVSS score and K is the success probability of the vulnerability attack, a number in the range of 0-1. The success probability of the vulnerability attack is set according to an expert knowledge base: 0.8 for the easy attack type, 0.6 for the general attack type, and 0.2 for the difficult attack type.
P is the vulnerability risk index. After analyzing and studying intrusion detection, firewall and third-party data samples, the factors affecting the risk status of the system assets are summarized from the data. These factors are analyzed and processed to obtain the risk value of the system asset using formula (1). Three factors affect P: the alarm quantity parameter (Number, denoted Num), the alarm source type (Category, denoted Cate), and the alarm level (Level, denoted Lev). The vulnerability risk index P is calculated by the formula
$P = Num \times Cate \times Lev \quad (4)$
If the number of alarms detected on a host exceeds a predetermined threshold value within a period of time, the host may be considered to be more likely to be attacked, and a certain risk exists. Thus, the alarm quantity parameter over a period of time may reflect the current risk status of the asset, which may be one of the risk factors. And if the alarm quantity is relatively high, the possibility that the asset is attacked is high, and the risk is high. Therefore, a certain linear relation exists between the alarm quantity parameter and the vulnerability risk index P. Num is calculated as
Where ni is a certain alarm threshold, which needs to be set by an expert or administrator according to historical data or experience, and num is the number of certain alarms.
Typically, the alarm information originates from different systems, such as intrusion detection, firewalls, and third-party devices. If the data shows that alarm information from different sources has been raised for a given node, the node is likely to be under attack, and a certain risk exists. Therefore, the alarm source type should also be one of the factors for risk assessment. The calculation formula of the alarm source type Cate is
Wherein cn is the total alarm source type, and ci is the source type of a certain alarm.
When alarming a potential security event, the current intrusion detection system or tool assigns a level to the alarm event to inform the user of the possible threat to the host by the event. If a host has a relatively high level of alarm events detected within a certain time period, the host is very likely to be severely attacked, and the risk index is very high. Obviously, the alarm level is also one of the important components reflecting the vulnerability risk index P. The calculation formula of the alarm level Lev is
Different systems assign different grades to alarm events, and the method divides alarm events into 3 grades: high, medium and low. If the alarm events are given different grades, an expert or administrator needs to classify them into these three levels at first use. In formula (7), $N_1$, $N_2$, $N_3$ respectively correspond to the numbers of alarm events in the high, medium and low levels, and $W_1$, $W_2$, $W_3$ are the corresponding level weights. The 3 weights $W_1$, $W_2$, $W_3$ need to be set by an expert or administrator and express relative importance.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. Static risk assessment technology is mature and is not described in detail here; the preparation work the method requires on the basis of the static assessment result is briefly described below. The risk assessment method based on the combination of static and dynamic assessment comprises 2 stages:
Stage one: static risk assessment
1) Give the static evaluation results.
2) Identify the network assets, assign asset values, and perform association analysis on the assets and the vulnerabilities.
3) Assign the vulnerability exploitation success probability using the CVSS evaluation index.
4) Calculate the importance degree L of the node assets using formula (2).
Stage two: dynamic risk assessment
1) Use a vulnerability scanner to carry out vulnerability identification on the network nodes, detect the vulnerabilities of the current node, and calculate the threat degree of each vulnerability using formula (3) according to the CVSS evaluation index.
2) Receive the real-time attack event alarms for the current node provided by an intrusion detection system, a firewall and a third party, and classify the alarm information according to the different vulnerabilities.
3) Analyze and study the intrusion detection, firewall and third-party data samples, and calculate the alarm quantity parameter Num influencing the node vulnerability risk index based on formula (5).
4) Analyze and study the intrusion detection, firewall and third-party data samples, and calculate the alarm source type Cate influencing the node vulnerability risk index based on formula (6).
5) Analyze and study the intrusion detection, firewall and third-party data samples, and calculate the alarm level parameter Lev influencing the node vulnerability risk index based on formula (7).
6) Calculate the vulnerability risk index P of the node using formula (4), then calculate the security risk of the node using formula (1), and carry out dynamic risk evaluation of the system.
7) Repeat 2) through 6) to dynamically evaluate the target network based on the threat.
8) According to the security policy, after a period of time (e.g., a week or a month, or a change in the network such as adding or removing devices), repeat 1) to 6) to dynamically evaluate the target network based on vulnerabilities and threats.
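The stage-two calculation above as an added Python example, not code from the patent: alerts are grouped per vulnerability, P is formed by formula (4) and R by formula (1). The page does not reproduce formulas (5) to (7), so `num_param`, `cate_param` and `lev_param` are assumed stand-ins, and L, T, the threshold, the weights and the alert data are constructed inputs.

```python
from collections import Counter

# Constructed sample alerts for one node, already tagged with the vulnerability
# they relate to: (source, vulnerability, level). All values are invented.
SAMPLE_ALERTS = [
    ("ids", "VULN-A", "high"),
    ("ids", "VULN-A", "medium"),
    ("firewall", "VULN-A", "low"),
    ("third_party", "VULN-A", "high"),
    ("ids", "VULN-B", "low"),
    ("ids", "VULN-B", "low"),
]
ALL_SOURCES = ("ids", "firewall", "third_party")           # cn = 3 source types
LEVEL_WEIGHTS = {"high": 1.0, "medium": 0.6, "low": 0.2}   # W1..W3, assumed values


def classify_by_vulnerability(alerts):
    """Stage two, step 2: group a node's alerts by vulnerability."""
    groups = {}
    for source, vuln, level in alerts:
        groups.setdefault(vuln, []).append((source, level))
    return groups


def num_param(count, threshold):
    """ASSUMED stand-in for formula (5): linear in the alert count num,
    saturating at 1 once the administrator-set threshold ni is reached."""
    if threshold <= 0:
        raise ValueError("alarm threshold must be positive")
    return min(count / threshold, 1.0)


def cate_param(sources_seen, all_sources=ALL_SOURCES):
    """ASSUMED stand-in for formula (6): share of the known source types that
    reported on this vulnerability; unknown sources are ignored."""
    return len(set(sources_seen) & set(all_sources)) / len(all_sources)


def lev_param(levels, weights=LEVEL_WEIGHTS):
    """ASSUMED stand-in for formula (7): weight-averaged alert level."""
    counts = Counter(levels)
    total = sum(counts[name] for name in weights)
    if total == 0:
        return 0.0
    return sum(counts[name] * w for name, w in weights.items()) / total


def vulnerability_risk_index(vuln_alerts, threshold):
    """Formula (4): P = Num x Cate x Lev for one vulnerability's alerts."""
    if not vuln_alerts:
        return 0.0
    sources = [source for source, _ in vuln_alerts]
    levels = [level for _, level in vuln_alerts]
    return (num_param(len(vuln_alerts), threshold)
            * cate_param(sources) * lev_param(levels))


def node_risk(importance, threat_by_vuln, alerts, threshold):
    """Formula (1): R = L x T x P, evaluated for each vulnerability the scanner
    reported on the node. L and T are taken as already computed inputs."""
    groups = classify_by_vulnerability(alerts)
    result = {}
    for vuln, threat in threat_by_vuln.items():
        p = vulnerability_risk_index(groups.get(vuln, []), threshold)
        result[vuln] = round(importance * threat * p, 3)  # 3 decimals for display
    return result


if __name__ == "__main__":
    # Constructed inputs: L = 0.7 for the node, one T value per vulnerability.
    threats = {"VULN-A": 0.8, "VULN-B": 0.5, "VULN-C": 0.9}
    for vuln, risk in node_risk(0.7, threats, SAMPLE_ALERTS, threshold=5).items():
        print(vuln, risk)
```

Because formula (1) is a product, VULN-C scores 0 despite having the highest T: a scanned vulnerability with no matching alerts contributes nothing to the dynamic value, so the static result from stage one still has to be read alongside it.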
Claims (1)
1. A network security risk assessment method, characterized by comprising the following steps:
step 1: performing static risk assessment on the target network, and giving a static assessment result;
step 2: identifying the network assets, assigning asset values, and performing correlation analysis on the assets and the vulnerabilities;
step 3: assigning the vulnerability exploitation success probability using the CVSS evaluation index; using a formula to calculate the importance degree L of the node assets; wherein $L_c$, $L_I$, $L_a$ respectively represent the quantified values of the confidentiality, integrity and availability attributes corresponding to the node, and the round function denotes rounding to 3 decimal places;
step 4: using a vulnerability scanner to carry out vulnerability identification on the network nodes, detecting the vulnerabilities of the current node, and using a formula, according to the CVSS evaluation index, to calculate the threat degree T of each vulnerability; wherein Base is the CVSS score, K is the success probability of the vulnerability attack, and K is a number in the range of 0-1;
step 5: receiving real-time attack event alarms for the current node provided by an intrusion detection system, a firewall and a third party, and classifying the alarm information according to the different vulnerabilities;
step 6: analyzing the intrusion detection, firewall and third-party data samples;
using a formula to calculate the alarm quantity parameter Num influencing the node vulnerability risk index;
wherein ni is a certain alarm threshold, and num is the number of certain alarms;
using a formula to calculate the alarm source type Cate influencing the node vulnerability risk index; wherein cn is the total alarm source type, and ci is the source type of a certain alarm;
using a formula to calculate the alarm level parameter Lev influencing the node vulnerability risk index; wherein $N_1$, $N_2$, $N_3$ respectively correspond to the numbers of high, medium and low level alarm events, and $W_1$, $W_2$, $W_3$ are the weight values of the corresponding levels;
step 7: calculating the node vulnerability risk index P using the formula $P = Num \times Cate \times Lev$, then calculating the node security risk using the formula $R_i = L_i \times T_i \times P_i$, and performing dynamic risk assessment on the system; wherein $R_i$ is the dynamic risk value of node i, $L_i$ is the asset importance level of node i, $T_i$ is the vulnerability threat level of node i, and $P_i$ is the vulnerability risk index of node i;
step 8: repeating step 5 to step 7 to dynamically evaluate the target network based on the threat, thereby completing the security evaluation of the target network;
step 9: after a period of time, repeating steps 4 to 8, and carrying out security assessment on the target network based on the vulnerabilities and threats.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710364501.1A CN107204876B (en) | 2017-05-22 | 2017-05-22 | Network security risk assessment method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710364501.1A CN107204876B (en) | 2017-05-22 | 2017-05-22 | Network security risk assessment method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107204876A (en) | 2017-09-26 |
CN107204876B (en) | 2020-09-29 |
Family
ID=59906389
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710364501.1A Expired - Fee Related CN107204876B (en) | 2017-05-22 | 2017-05-22 | Network security risk assessment method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107204876B (en) |
CN118413388B (en) * | 2024-06-21 | 2024-09-06 | 大家传承网络科技(深圳)有限公司 | Online evaluation system and method based on network security test |
2017-05-22: CN201710364501.1A (CN107204876B), not active, Expired - Fee Related
Non-Patent Citations (2)
Title |
---|
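Research and implementation of a real-time risk assessment model based on host log analysis; 刘思帆; China Master's Theses Full-text Database, Information Science and Technology; 20160315 (No. 03); Section 2.2.4, Chapters 3 and 4 * |
Research on dynamic and static risk assessment techniques for power information systems; 陈孟婕; China Master's Theses Full-text Database, Information Science and Technology; 20150515 (No. 05); Sections 1.3.3 and 1.4.1 * |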
Also Published As
Publication number | Publication date |
---|---|
CN107204876A (en) | 2017-09-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107204876B (en) | Network security risk assessment method | |
CN110620759B (en) | Multi-dimensional association-based network security event hazard index evaluation method and system | |
CN114584405B (en) | Electric power terminal safety protection method and system | |
KR101814368B1 (en) | Information security network integrated management system using big data and artificial intelligence, and a method thereof | |
CN107819771B (en) | Information security risk assessment method and system based on asset dependency relationship | |
TWI573036B (en) | Risk scoring for threat assessment | |
CN113965404A (en) | Network security situation self-adaptive active defense system and method | |
CN105681298A (en) | Data security abnormity monitoring method and system in public information platform | |
CN105009132A (en) | Event correlation based on confidence factor | |
Tianfield | Cyber security situational awareness | |
CN102098180A (en) | Network security situational awareness method | |
CN117879970B (en) | Network security protection method and system | |
CN112165470B (en) | Intelligent terminal access safety early warning system based on log big data analysis | |
CN112039862A (en) | Multi-dimensional stereo network-oriented security event early warning method | |
CN107846389B (en) | Internal threat detection method and system based on user subjective and objective data fusion | |
CN113162930A (en) | Network security situation sensing method based on electric power CPS | |
CN118041581A (en) | Network security situation prediction method and system based on artificial intelligence | |
Bode et al. | Risk analysis in cyber situation awareness using Bayesian approach | |
CN118101250A (en) | Network security detection method and system | |
CN112596984B (en) | Data security situation awareness system in business weak isolation environment | |
Peng et al. | Sensing network security prevention measures of BIM smart operation and maintenance system | |
CN115632884B (en) | Network security situation perception method and system based on event analysis | |
CN117614727A (en) | Situation awareness network security assessment method and system | |
CN107623677B (en) | Method and device for determining data security | |
CN118018231A (en) | Security policy management method, device, equipment and storage medium for isolation area |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200929 |